Microsoft's GitHub organizations, including Azure and Azure-Samples, have been targeted by the "Miasma" self-replicating supply chain attack. This campaign resulted in GitHub disabling access to 73 repositories after they were found to be part of a larger infection chain. The attack is identified as a mutation of the Mini Shai-Hulud worm, which leverages compromised legitimate credentials to propagate across open-source ecosystems.
The attackers have refined their tactics by compromising the "durabletask" ecosystem and injecting malicious payloads that target AI coding agents like Claude Code, Cursor, and VS Code. By exploiting the trust model of platforms like npm and GitHub, the worm operates within legitimate channels, making detection difficult. This sustained campaign highlights critical vulnerabilities in software delivery security, as it continues to mutate and infect new public repositories.
Top comments (0)